Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Micro 5.2 package qemu, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (26)
CVE-2022-1050 — CVSS 8.8 (high): A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW…
CVE-2022-35414 — CVSS 8.8 (high): softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex…
CVE-2021-3929 — CVSS 8.2 (high): A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just…
CVE-2021-4206 — CVSS 8.2 (high): A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation…
CVE-2021-3750 — CVSS 8.2 (high): A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its…
CVE-2021-4207 — CVSS 8.2 (high): A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and…
CVE-2022-0358 — CVSS 7.8 (high): A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to…
CVE-2024-4467 — CVSS 7.8 (high): A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value…
CVE-2023-3354 — CVSS 7.5 (high): A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of…
CVE-2024-7409 — CVSS 7.5 (high): A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during…
CVE-2025-11234 — CVSS 7.5 (high): A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This…
CVE-2024-6505 — CVSS 6.8 (medium): A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table…
CVE-2022-4144 — CVSS 6.5 (medium): An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of…
CVE-2021-3638 — CVSS 6.5 (medium): An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while…
CVE-2021-3930 — CVSS 6.5 (medium): An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in…
CVE-2021-3507 — CVSS 6.1 (medium): A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler()…
CVE-2023-2861 — CVSS 6.0 (medium): A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on…
CVE-2023-3180 — CVSS 6.0 (medium): A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req…
CVE-2024-3447 — CVSS 6.0 (medium): A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size…
CVE-2023-1544 — CVSS 6.0 (medium): A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and…
CVE-2023-3301 — CVSS 5.6 (medium): A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the…
CVE-2023-0330 — CVSS 5.3 (medium): A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption…
CVE-2022-0216 — CVSS 4.4 (medium): A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing…
CVE-2024-8612 — CVSS 3.8 (low): A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in…
CVE-2020-14394 — CVSS 3.2 (low): An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB)…
CVE-2022-26354 — CVSS 3.2 (low): A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing…